Privacy-Preserving Public Auditing Research Articles

Blockchain-Based Privacy-Preserving Public Auditing for Group Shared Data

Cloud storage has been widely used to team work or cooperation development. Data owners set up groups, generating and uploading their data to cloud storage, while other users in the groups download and make use of it, which is called group data sharing. As all kinds of cloud service, data group sharing also suffers from hardware/software failures and human errors. Provable Data Possession (PDP) schemes are proposed to check the integrity of data stored in cloud without downloading. However, there are still some unmet needs lying in auditing group shared data. Researchers propose four issues necessary for a secure group shared data auditing: public verification, identity privacy, collusion attack resistance and traceability. However, none of the published work has succeeded in achieving all of these properties so far. In this paper, we propose a novel blockchain-based ring signature PDP scheme for group shared data, with an instance deployed on a cloud server. We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature (LHARS) to implement public anonymous auditing for group data. We also build smart contracts to resist collusion attack in group auditing. The security analysis and performance evaluation prove that our scheme is both secure and efficient.

Blockchain-Assisted Conditional Anonymity Privacy-Preserving Public Auditing Scheme With Reward Mechanism

In real-world scenarios, in order to encourage one to report others crimes, judicial department usually rents independent cloud storage spaces to receive the precious evidences from whistleblowers. Since the uploaded data are not controlled by cloud users, remote data integrity is very important. Public cloud auditing enables an auditor to periodically check the integrity of outsourcing data on behalf of users, without retrieving the entire data file. However, most existing data auditing schemes have potential security vulnerabilities, and thus cannot defense many security attacks (e.g., the man-in-the-middle attack). Meanwhile, it is significant to protect whistleblower’s identity privacy, reward the real data uploader, and further trace the responsibility of slanders accurately. From the aforementioned requirements, we present an efficient blockchain-assisted conditional anonymity privacy-preserving public auditing (BA-CAPPPA) scheme with reward mechanism. The Ethereum blockchain is integrated into BA-CAPPPA to enhance the security level of the whole public auditing mechanism. Theoretical analysis results show that the BA-CAPPPA achieves man-in-the-middle attack resistance, storage correctness guarantee, data privacy-preservation, conditional identity anonymity, and reward mechanism. Performance evaluations and comparisons demonstrate that BA-CAPPPA could outperform some state-of-the-art data auditing schemes.

An Efficient Privacy-Preserving Public Auditing Protocol for Cloud-Based Medical Storage System.

The booming Internet of Things makes smart healthcare a reality, while cloud-based medical storage systems solve the problems of large-scale storage and real-time access of medical data. The integrity of medical data outsourced in cloud-based medical storage systems has become crucial since only complete data can make a correct diagnosis, and public auditing protocol is a key technique to solve this problem. To guarantee the integrity of medical data and reduce the burden of the data owner, we propose an efficient privacy-preserving public auditing protocol for the cloud-based medical storage systems, which supports the functions of batch auditing and dynamic update of data. Detailed security analysis shows that our protocol is secure under the defined security model. In addition, we have conducted extensive performance evaluations, and the results indicate that our protocol not only remarkably reduces the computational costs of both the data owner and the third-party auditor (TPA), but also significantly improves the communication efficiency between the TPA and the cloud server. Specifically, compared with other related work, the computational cost of the TPA in our protocol is negligible and the data owner saves more than 2/3 of computational cost. In addition, as the number of challenged blocks increases, our protocol saves nearly 90% of communication overhead between the TPA and the cloud server.

Privacy-Preserving Public Auditing for Shared Cloud Data With Secure Group Management

With cloud storage services, users can store their data in the cloud and efficiently access the data at any time and any location. However, when data are stored in the cloud, there is a risk of data loss because users lose direct control over their data. To solve this problem, many cloud storage auditing techniques have been studied. In 2019, Tian <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed a public auditing scheme for shared data that supports data privacy, identity traceability, and group dynamics. In this paper, we point out that their scheme is insecure against tag forgery or proof forgery attacks, which means that, even if the cloud server has deleted some outsourced data, it can still generate valid proof that the server had accurately stored the data. We then propose a new scheme that provides the same functionalities and is secure against the above attacks. Moreover, we compare the results with other schemes in terms of computation and communication costs.

CIPPPA: Conditional Identity Privacy-Preserving Public Auditing for Cloud-Based WBANs Against Malicious Auditors

Wireless body area networks (WBANs) rely on powerful cloud storage services to manage massive medical data. As precise medical diagnosis analysis is heavily based on these medical data, any altered medical data may cause severe consequences, the integrity of outsourced medical data has become the most concerning security issue. Up to date, most existing public auditing mechanisms have been proposed to check the data integrity, but they could not achieve conditional identity privacy, any patient would not like others to know his/her real identity corresponding to certain serious disease, and some malicious patients should be revoked timely due to misbehaviors. Additionally, they are vulnerable to malicious auditors, by colluding with the cloud server to cheat patients. In this paper, we propose a conditional identity privacy-preserving public auditing (CIPPPA) mechanism for cloud-based WBANs. CIPPPA is the first public auditing mechanism achieving conditional identity privacy of patients in WBANs, the real identity of a patient is unknown to anyone in cloud-based WBANs other than the private key generator (PKG). We attempt to integrate Ethereum blockchain into CIPPPA, which gives assistance to patients for validating malicious auditing behaviors. Formal security analysis and performance evaluation demonstrate that CIPPPA is practical for cloud-based WBANs.

Privacy Preserving Public Auditing for Secure Cloud Storage

Privacy Preserving Public Auditing for Secure Cloud Storage

Efficient Privacy-Preserving Certificateless Public Auditing of Data in Cloud Storage

Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

Privacy-Preserving Proof of Storage for the Pay-As-You-Go Business Model

Proof of Storage (PoS) enables a cloud storage provider to prove that a client’s data is intact. However, existing PoS protocols are not designed for the pay-as-you-go business model in which payment is made based on both storage volume and duration. In this paper, we propose two PoS protocols suitable for the pay-as-you-go storage business model. The first is a time encapsulated Proof of Retrievability (PoR) protocol that ensures retrievability of the original file upon successful auditing by a client. Considering the large size of outsourced data, we then extend the protocol to a privacy-preserving public auditing protocol which allows a third party auditor to audit outsourced data on behalf of its clients without sacrificing the privacy of the data or the timestamp (i.e., time of storage). We formalize the definition, system model and security model of the proposed PoS system and prove the security of the proposed protocols by a sequence of games in the algebraic group model with a random oracle. We analyze the performance of the protocols both theoretically and experimentally and show that the protocols are practical.

Comments on “Privacy-Preserving Public Auditing Protocol for Regenerating-Code-Based Cloud Storage”

Public auditing protocol is crucial for the success of cloud computing, as it can ensure the outsourced data in cloud server are not tampered by attackers. Due to its importance, public auditing protocol has received considerable attention in the past years. In 2015, Liu et al. proposed a privacy-preserving public auditing protocol for regenerating-code-based cloud storage (IEEE Transactions on Information Forensics and Security, 10(7):1513-1528, 2015) and claimed it is secure under the considered security model. However, in this article, we will show that their protocol is not as secure as they claimed, i.e., the proxy delegated by the data owner can forge an authenticator for any data block, which obviously invalidates their protocol's security. We hope that by identifying the design flaw, similar weaknesses can be avoided in future protocol design.

Decentralized and Privacy-Preserving Public Auditing for Cloud Storage Based on Blockchain

Cloud storage systems provide a flexible, convenient and friendly way for users to outsource data. However, users lose control of their data once outsourcing them to the cloud. Public auditing was introduced to ensure data integrity, in which a third-party auditor (TPA) is delegated to execute auditing tasks. In general, TPA generates and sends challenge information to the cloud server (CS), which proves data possession accordingly. However, the TPA may not perform public auditing protocol honestly or may even collude with CS to deceive users. Some existing public auditing schemes utilize blockchain to resist against the malicious TPA. However, the CS may guess the challenge messages and there is a risk that users' information may be leaked to the TPA during the process of auditing. In this paper, we propose a decentralized and privacy-preserving public auditing scheme based on blockchain (DBPA), in which a blockchain is utilized as an unpredictable source for the generation of (random) challenge information, and the auditor is required to record the audit process onto the blockchain. Due to the characteristics of blockchain, users can check the audit results publicly. Moreover, zero-knowledge proof is used in DBPA to protect user's privacy during the audit process so that the response information returned by the CS does not leak information about user's data. Security analysis and performance evaluation show that DBPA is secure and efficient.

Privacy-Preserving Public Auditing and Data Dynamics for Secure Cloud Storage Based on Exact Regenerated Code

Cloud storage allows users to store their data in the cloud to avoid local storage and management costs. Since the cloud is untrusted, the integrity of stored data in the cloud has become an issue. To address this problem, several public auditing schemes have been designed to verify integrity of the data in the cloud. However, these schemes have two drawbacks: public auditing may reveal sensitive data to verifier and does not address the data recovery problem efficiently. This article proposes a new privacy-preserving public auditing scheme with data dynamics to secure the data in the cloud based on an exact regenerated code. This scheme encodes the data for availability, then masks the encoded blocks with randomness for privacy of data and enables a public auditor to verify the integrity of the data. Further, this scheme also supports dynamic data updates. In addition, security and performance analysis proves that proposed scheme is provably secure and efficient.

User stateless privacy-preserving TPA auditing scheme for cloud storage

In recent years, researchers have proposed some privacy-preserving public auditing schemes to remotely check the integrity of the outsourced data in cloud storage based on the homomorphic authenticators, random blocks sampling and random masking techniques. However, users need to maintain a table related to the block index in almost all of these schemes. It is difficult for users to maintain the table, especially when the outsourced data is frequently updated. To deal with it, a user stateless privacy-preserving public auditing scheme is put forward on rank-based authenticated skip list, which can support dynamical operations completely and makes it unnecessary for users to maintain the relevant table. When the server receives the data originally stored by the user or the user performs dynamic operations on its outsourced data, the server provide users with a time-stamped receipt signed by the both parties. The receipt can not only protect the cloud server from being extorted by the dishonest user, but also ensure that the cloud server update the user's data as required. A formal security proof for data integrity guarantee and an analysis for privacy-preserving property are made in the auditing phase to show the correctness of the scheme. The performance analysis indicates that our interactive audit protocol is with high efficiency.

Genuine and secure public auditing for the outsourced data in cloud

In cloud storage, the most common concerns for users are data integrity, confidentiality and availability. Recently, many data integrity auditing schemes have been proposed, some of which achieved privacy-preserving public auditing, some of which realised data sharing and group dynamic, and some of which supported data dynamic. However, as far as we know, there does not exist a practical auditing scheme which can simultaneously realise all the functions mentioned above; In addition, all the existing schemes adopt the method of computing message authentication code (MAC) by users to achieve the following data integrity auditing, nevertheless, it is a arduous task to compute MACs for these cloud users with constrained computing and storage capabilities. In this paper, we propose a novel privacy-preserving public auditing scheme for shared data in the cloud, which can also support data dynamic operation and group dynamic. First, we bring proxy signature into the existing auditing scheme. The cloud user can delegate the computation of MACs to a cloud computing server, so that the user's burden would be greatly reduced; second, by introducing a Lagrange interpolating polynomial, our scheme realises the identity privacy-preserving in the precondition of almost no addition of any new computation and less storage space, moreover it makes group dynamic simple; third, we make an index-switch table and combine it with the Merkle hash tree to realise the practical and secure dynamic operations of shared data by group users; fourth, in our scheme, the cloud storage server will add its private key in producing the proof information to protect the data privacy and resist the active attack. Theoretical analysis demonstrates our scheme is provably secure.

Privacy Preserving Public Auditing for Cloud Storage Using Elliptic Curve Digital Signature

Privacy Preserving Public Auditing for Cloud Storage Using Elliptic Curve Digital Signature

Privacy-Preserving Public Auditing for Non-manager Group Shared Data

By the widespread use of cloud storage service, users get a lot of conveniences such as low-price file remote storage and flexible file sharing. The research points in cloud computing include the v...

Attack on Privacy-Preserving Public Auditing Schemes for Cloud Storage

With the development of Internet, cloud computing has emerged to provide service to data users. But, it is necessary for an auditor on behalf of users to check the integrity of the data stored in the cloud. The cloud server also must ensure the privacy of the data. In a usual public integrity check scheme, the linear combination of data blocks is needed for verification. But, after times of auditing on the same data blocks, based on collected linear combinations, the auditor might derive these blocks. Recently, a number of public auditing schemes with privacy-preserving are proposed. With blinded linear combinations of data blocks, the authors of these schemes believed that the auditor cannot derive any information about the data blocks and claimed that their schemes are provably secure in the random oracle model. In this paper, with detailed security analysis of these schemes, we show that these schemes are vulnerable to an attack from the malicious cloud server who modifies the data blocks and succeeds in forging proof information for data integrity check.

Multi-Cryptosystem based Privacy-Preserving Public Auditing for Regenerating Code based Cloud Storage

Multi-Cryptosystem based Privacy-Preserving Public Auditing for Regenerating Code based Cloud Storage

Privacy-Preserving Public Auditing Protocol for Low-Performance End Devices in Cloud

Cloud storage provides tremendous storage resources for both individual and enterprise users. In a cloud storage system, the data owned by a user are no longer possessed locally. Hence, it is not competent to ensure the integrity of the outsourced data using traditional data integrity checking methods. A privacy-preserving public auditing protocol allows a third party auditor to check the integrity of the outsourced data on behalf of the users without violating the privacy of the data. However, existing privacy-preserving public auditing protocols assume that the end devices of users are powerful enough to compute all costly operations in real time when the data to be outsourced are given. In fact, the end devices may also be those with low computation capabilities. In this paper, we propose two lightweight privacy-preserving public auditing protocols. Our protocols are based on online/offline signatures, by which an end device only needs to perform lightweight computations when a file to be outsourced is available. Besides, our proposals support batch auditing and data dynamics. Experiments show that our protocols are hundreds of times more efficient than a recent proposal regarding to the computational overhead on user side.

Privacy-Preserving Public Auditing for Dynamic Group Based on Hierarchical Tree

Privacy-Preserving Public Auditing for Dynamic Group Based on Hierarchical Tree

Review of Privacy Preserving Public Auditing Techniques

computing provides services where can store their data remotely on cloud and can access their data from anywhere, anytime by means of internet. Cloud computing enables to use the data stored on cloud as if the data is local without worrying about its accuracy and reliability. But a major challenge in cloud computing is to ensure the integrity of users outsourced data on cloud server. Public auditing service makes use of an independent third party to check data storage correctness on cloud on behalf of data owner itself. This paper analyzes various techniques employed in order to perform secure cloud auditing to verify the integrity of outsourced data on cloud. Also it discusses limitations associated with these protocols and lastly proposes a scheme to ensure privacy and security in public auditing for cloud storage Keywordscomputing; Data Integrity; ElGamal algorithm; SHA- 256; Third party auditor.